How is Data Stored in Confluence?
Confluence is one of Atlassian’s most popular collaboration tools, a team workspace where users can create, capture, and coordinate on a variety of project types. Confluence’s role as a hub for sharing documents and creating templates means that, for many organizations, some of their most confidential data may live within their Confluence spaces.
Many companies are leaning on Confluence to share knowledge during the pandemic, with big names like Facebook and Netflix allegedly using the platform internally. In previous iterations, Confluence acted more like a user wiki, where developers could collaborate informally. However, the platform has evolved to have more structure –– and thereby encouraging users to share even more data than ever before.
The focus of Confluence is to provide a workspace for collaboration and sharing of knowledge. When it comes to providing safeguards to prevent confidential information from being accessed externally, Atlassian relies on third-party apps, like Nightfall AI, to provide DLP functionality within the service. Here’s what you need to know about Atlassian’s Confluence tool and how to protect your organization’s valuable data.
How is Confluence structured?
Understanding the structure of Confluence can help you assess how to best protect any confidential information you have saved in the platform. The structure of Confluence starts with pages. A page is similar to a Google Doc in that it is a living document where users can share notes, project plans, reports, troubleshooting guides, and more. Confluence also offers templates to give you a starting point for many kinds of content.
Then, pages are stored in spaces. A space is where teams keep content organized and collaborate on a specific project. For instance, a marketing team will have a space filled with pages that represent ongoing advertising campaigns.
Finally, space content is organized in a hierarchical page tree. This feature acts as a navigational menu to help team members find the pages they’re working on in spaces.
As you decide that Confluence is a solution for your company, understanding this basic storage structure will help your team conceptualize how to develop a data classification and data protection strategy that’s hinged on strong user permission controls. Permissions ensure that only stakeholders who are granted access are authorized to view, add, modify, export, or delete data in Confluence. Having an idea of where you’ll need controls – whether at the product level, site level, or organization level – will help make sense of how to set up these roles for your organization. Beyond this, you’ll need to ensure that the admins who have access to your Confluence admin console understand how permissions function in Confluence.
Accordingly, paid plans for Confluence have three levels of permissions:
- Global permissions, which are broad and site-wide;
- Space permissions, which uniquely apply to the space specified by an administrator (usually the space creator);
- Page restrictions, which allow admins to restrict the view or editing of specified pages by specific groups or users.
As you might expect, these features enable a lot of data sharing in pages and spaces across an organization. Confluence implements cloud storage to enable remote teams to access pages and information wherever they might need.
Both Jira and Confluence primarily store information in the form of attachments. As far as storage, these two tools each come with their own storage limitations, depending on what plan you’re on. For Confluence, a premium plan comes with unlimited storage, while free plans are limited to 2GB. Atlassian stores the data of its customers in the cloud through Amazon Web Services (AWS).
How does Confluence keep data secure?
Primarily Atlassian and Confluence view security through the lens of network protection. However, Confluence offers security to its customers in three general categories.
- Network security: Atlassian performs regular network security scans of both its internal and external infrastructure and employs third-party experts to complete pen-tests on high-risk products
- Physical security: The company enforces security at physical data storage centers and encrypts data in motion.
- Privacy protection: The platform includes access control, encryption, communications security, and things like multi-factor authentication to help protect user privacy.
It’s important to note that Atlassian does not provide any built-in data loss protection (DLP) functionality across its platforms. Instead, the software company relies on third-party solutions like Nightfall to discover and classify sensitive data directly within Confluence.
Nightfall DLP for Confluence improves data loss protection in three stages: discovery, classification, and protection. First, Nightfall will continuously monitor data as it flows in and out of silos in Confluence. Then, leveraging over 100 detectors, Nightfall will automatically classify sensitive data and PII. Automated workflows built-in to Nightfall’s platform protect this data by flagging it for quarantine, deletion, redaction, alerting and more. And, Nightfall can be quickly added to Confluence using an API or through Atlassian’s app marketplace.
Learn more about Nightfall for Confluence by scheduling a demo at the link below.